Computer Science > Cryptography and Security

Abstract: Most encrypted data formats, such as PGP, leak substantial metadata in their
plaintext headers, such as format version, encryption schemes used, the number
of recipients who can decrypt the data, and even the identities of those
recipients. This leakage can pose security and privacy risks, e.g., by
revealing the full membership of a group of collaborators from a single
encrypted E-mail between two of them, or enabling an eavesdropper to
fingerprint the precise encryption software version and configuration the
sender used and to facilitate targeted attacks against specific endpoint
software weaknesses. We propose to improve security and privacy hygiene by
designing future encrypted data formats such that no one without a relevant
decryption key learns anything at all from a ciphertext apart from its length -
and learns as little as possible even from that. To achieve this goal we
present Padded Uniform Random Blobs or PURBs, an encrypted format functionally
similar to PGP but strongly minimizing a ciphertext's leakage via metadata or
length. A PURB is indistinguishable from a uniform random bit-string to an
observer without a decryption key. Legitimate recipients can efficiently
decrypt the PURB even when it is encrypted for any number of recipients' public
keys and/or passwords, and when those public keys are of different
cryptographic schemes. PURBs use a novel padding scheme to reduce potential
information leakage via the ciphertext's length $L$ to the asymptotic minimum
of $O(\log_2(\log_2(L)))$ bits, comparable to padding to a power of two, but with
much lower padding overhead of at most $12\%$ which decreases further with
large payloads.
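
The abstract states the padding scheme's properties but not the rule itself. As an added example (not code from the paper or its authors), the sketch below assumes the rule rounds $L$ up so that its low $E - S$ bits are zero, with $E = \lfloor \log_2 L \rfloor$ and $S = \lfloor \log_2 E \rfloor + 1$, and compares it with power-of-two padding; all function names are hypothetical.

```python
# Added illustration; function names are hypothetical, not from the paper.

def padded_len(L: int) -> int:
    """Round L up so that its low (E - S) bits are zero (assumed rule).

    E = floor(log2 L) is the exponent of L and S = floor(log2 E) + 1 is the
    number of bits needed to write E. Only about log2(log2 L) significant
    bits of the length survive, which is what bounds the leakage.
    """
    if L < 2:
        return L                      # nothing to round for 0 or 1 byte
    E = L.bit_length() - 1            # floor(log2 L), no floating point
    S = E.bit_length()                # floor(log2 E) + 1
    mask = (1 << (E - S)) - 1         # low bits that are forced to zero
    return (L + mask) & ~mask


def next_pow2(L: int) -> int:
    """Baseline: pad to the next power of two."""
    return 1 if L < 2 else 1 << (L - 1).bit_length()


def worst_overhead(pad, lo: int, hi: int) -> float:
    """Largest relative padding overhead of `pad` for lengths in [lo, hi)."""
    return max((pad(L) - L) / L for L in range(lo, hi))


def distinct_sizes(pad, lo: int, hi: int) -> int:
    """Number of different padded lengths an observer can see in [lo, hi)."""
    return len({pad(L) for L in range(lo, hi)})


if __name__ == "__main__":
    # Constructed sample lengths in bytes.
    for L in (9, 129, 1000, 5_000_000):
        print(f"L={L:>8}  padded={padded_len(L):>8}  pow2={next_pow2(L):>8}")
    lo, hi = 2, 1 << 16
    for name, pad in (("assumed rule", padded_len), ("power of two", next_pow2)):
        print(f"{name}: worst overhead {worst_overhead(pad, lo, hi):.2%}, "
              f"{distinct_sizes(pad, lo, hi)} observable sizes")
```

Fewer observable sizes means less length leakage. Power-of-two padding leaves the fewest sizes but can nearly double the ciphertext, while the assumed rule stays under the abstract's 12% bound.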